Interaction Perception Attention Network Between Layers for #br#
Fewshot Malicious Domain Name Detection#br#

Journal of Information Security Reserach ›› 2025, Vol. 11 ›› Issue (1): 50-.

Previous Articles Next Articles

Interaction Perception Attention Network Between Layers for #br# Fewshot Malicious Domain Name Detection#br#

Chen Yaowei1 and Lou Yanchao2

1(Xinjiang Branch, National Computer Network and Information Security Management Center, Urumqi 830001)
2(School of Physics and Electrical Engineering, Kashi University, Kashi, Xinjiang 844008)

Online:2025-01-24 Published:2025-02-20

基于层间交互感知注意力网络的小样本恶意域名检测

陈要伟1娄颜超2

1(国家计算机网络与信息安全管理中心新疆分中心乌鲁木齐830001)
2(喀什大学物理与电气工程学院新疆喀什844008)

通讯作者: 娄颜超硕士，副教授.主要研究方向为网络安全、深度学习. zxl_tx@163.com
作者简介:陈要伟硕士，工程师.主要研究方向为网络安全、攻防检测. 1527614887@qq.com 娄颜超硕士，副教授.主要研究方向为网络安全、深度学习. zxl_tx@163.com

Abstract

Abstract: Quickly locating and accurately detecting malicious access requests in the domain name system has significant research value for ensuring network information security and economic security. A fewshot malicious domain name detection method based on an interlayer interaction perception attention network is proposed. First, a dualbranch network support branch and query branch are established using a metalearning training strategy. In the support branch, convolutional neural networks Vgg16 and GRU (gated recurrent unit) are used to extract the encoding features of domain names in temporal and spatial dimensions, respectively. Then, to promote information interaction between features of different dimensions, crossattention with temporal features is established at each layer in the spatial dimension. Finally, by calculating the similarity metric between query encoding features and interaction features, the legitimacy of the domain name to be tested can be quickly determined. Through testing on opensource malicious domain name datasets and fewshot family malicious domain name datasets, the results show that the proposed method can achieve 0.9895 detection precision in the binary classification task of normal domain names and malicious domain names, and 0.9682 average detection precision on 20 fewshot family malicious domain name datasets, which is superior to current classical malicious domain name detection methods.

Key words: malicious domain name detection, interaction perception, convolutional neural network, gated recurrent neural network, metalearning training strategy

摘要： 快速定位并准确检测出域名系统中的恶意访问请求，对保障网络信息安全与经济安全具有重要的研究价值，提出一种基于层间交互感知注意力网络的小样本恶意域名检测方法.首先，利用元学习训练策略建立支持分支和查询分支的双分支网络，并在支持分支中利用卷积神经网络Vgg16和门控循环单元(gated recurrent unit, GRU)分别提取域名字符串在时序维度和空间维度上的编码特征.然后，为了促进不同维度间特征的信息交互，在空间维度的每一层上建立时序特征的交叉注意力.最后，通过计算查询编码特征和交互特征之间的相似性度量，快速给出待测域名合法性的判定.通过在开源恶意域名数据集和小样本家族恶意域名数据集上进行测试，结果显示所提出方法在合法域名与恶意域名二分类任务上可以实现0.9895的检测精准率，在20个小样本家族恶意域名数据集上可以实现0.9682的平均检测精准率，优于当前经典的恶意域名检测方法.

关键词: 恶意域名检测, 交互感知网络, 卷积神经网络, 门控循环神经网络, 元学习训练策略

CLC Number:

TP302.2

陈要伟, 娄颜超, . 基于层间交互感知注意力网络的小样本恶意域名检测[J]. 信息安全研究, 2025, 11(1): 50-.

References

［1］赵宏, 常兆斌, 王乐. 基于词法特征的恶意域名快速检测算法［J］. 计算机应用, 2019, 39(1): 227231［2］吴涛, 王占海, 张健, 等. 基于CNNBiLSTM迁移自反馈学习的小样本恶意域名检测［J］. 小型微型计算机系统, 2023, 44(3): 602607［3］王中华, 徐杰, 韩健, 等. 基于卷积神经网络的恶意区块链域名检测方法［J］. 信息安全研究, 2022, 8(8): 760767［4］赵正利, 姜鹏, 仲国强, 等. 基于SVMRFE和粒子群优化算法的恶意域名检测模型［J］. 福州大学学报: 自然科学版, 2023, 51(5): 634638［5］姚远, 樊昭杉, 王青, 等. 基于多元时序特征的恶意域名检测方法［J］. 信息网络安全, 2023, 23(11): 18［6］姜言波, 邵增珍. 基于无监督自适应模糊聚类的多家族恶意域名细粒度检测［J］. 中国电子科学研究院学报, 2023, 18(7): 663670［7］马永忠, 夏保丽. 基于改进Transformer和强化学习的僵尸网络DGA域名检测［J］. 广西科学, 2023, 30(1): 139148［8］赵凡, 赵宏, 常兆斌. 基于迁移学习的小样本恶意域名检测［J］. 计算机工程与设计, 2022, 43(12): 33813387［9］Xu C, Shen J, Du X. A method of fewshot network intrusion detection based on metalearning framework［J］. IEEE Trans on Information Forensics and Security, 2020, 15: 35403552［10］Wagan A A, Li Q M, Zaland Z, et al. A unified learning approach for malicious domain name detection［J］. Axioms, 2023, 12(5): 458［11］Chen, S J, Lang B, Chen Y K, et al. Detection of algorithmically generated malicious domain names with feature fusion of meaningful word segmentation and ngram sequences［J］. Applied Sciences, 2023, 13(7): 4406［12］张凤, 张微, 魏金花. 基于BERT和层次化Attention的恶意域名检测［J］. 中国电子科学研究院学报, 2022, 17(3): 290296

[1]	. Model of Intrusion Detection Based on Federated Learning and Convolutional Neural Network [J]. Journal of Information Security Reserach, 2024, 10(7): 642-.
[2]	. A Network Intrusion Detection Model Integrating CNN-BiGRU and Attention Mechanism [J]. Journal of Information Security Reserach, 2024, 10(3): 202-.
[3]	. Encrypted Proxy Traffic Identification Method Based on Convolutional Neural Network#br# [J]. Journal of Information Security Reserach, 2023, 9(8): 722-.
[4]	. Research on Automatic Recognition Technology of Gambling Website [J]. Journal of Information Security Reserach, 2023, 9(5): 440-.
[5]	. Research on Malicious Behavior Detection and Identification Model Based on Deep Learning [J]. Journal of Information Security Reserach, 2023, 9(12): 1152-.
[6]	. Intrusion Detection Method Based on Multiscale Spatialtemporal Residual Network [J]. Journal of Information Security Reserach, 2023, 9(11): 1045-.
[7]	. [J]. Journal of Information Security Reserach, 2022, 8(8): 760-.
[8]	. DGCNN-based Exploit Kit Attack Activities Detection Method [J]. Journal of Information Security Reserach, 2022, 8(7): 685-.
[9]	. Research on Source Code Vulnerability Detection Based on Abstract Syntax Tree Compression Coding [J]. Journal of Information Security Reserach, 2022, 8(1): 35-.
[10]	. Darknet Market Named Entity Recognition Based on Deep Learning [J]. Journal of Information Security Research, 2021, 7(1): 37-43.
[11]	. Malware Detection Based on Word Embedding Features of Assembly Instruction [J]. Journal of Information Security Research, 2020, 6(2): 113-121.
[12]	. Abnormal Detection in Modbus TCP Based on Convolutional Neural Network [J]. Journal of Information Security Research, 2019, 5(7): 635-638.
[13]	. Android Malware Detection Algorithm Based on CNN and Naive Bayesian Method [J]. Journal of Information Security Research, 2019, 5(6): 470-476.
[14]	. Android Malware Detection Method Based on Convolutional Neural Network [J]. Journal of Information Security Research, 2018, 4(8): 715-721.
[15]	. Network intrusion detection model based on convolutional neural network [J]. Journal of Information Security Research, 2017, 3(11): 990-994.

Interaction Perception Attention Network Between Layers for #br# Fewshot Malicious Domain Name Detection#br#

基于层间交互感知注意力网络的小样本恶意域名检测

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics